Outside experts file briefs in EU Facebook privacy case

Experts filed briefs to meet Friday's deadline for comments in a contentious legal case that could impact the future of the internet in Europe.

The suit in an Irish court is pitting Facebook against Austrian privacy activist Max Schrems. The case deals with European privacy regulations and how they relate to overseas data transfers.

Schrems is arguing that Facebook’s contractual privacy guarantees were inadequate to protect European Union citizens from U.S. bulk surveillance.

ADVERTISEMENT

The Electronic Privacy Information Council (EPIC), an American privacy advocacy group, is one of a handful of organizations, invited to provide outside perspective, known as amicus briefs. in the case. Unlike the U.S., the Irish court requires potential amici to petition the court to participate. Others include the U.S. government, the trade group Business Software Alliance (BSA) and the European alliance of internet companies Digital Europe.

“Ultimately, we would argue that contracts cannot protect European citizens,” said Electronic Privacy Information Council Senior Counsel Alan Butler.

“Private companies can’t contract their way around the government."

This is the second major privacy case Schrems has launched along these lines. The first shuttered a data transfer privacy treaty between the U.S. and E.U. known as Safe Harbor on similar grounds. A new replacement to Safe Harbor, known as Privacy Shield was signed this year.

“We approximate that 80 percent of data transferred out of the E.U goes to a country outside of the U.S,” said Thomas Boué, director general of Europe, Middle East and Asia Policy at the BSA. “If these model [contractual] clauses aren’t upheld, that data cannot travel out of Europe, either.

Boué said the BSA argued in its amicus brief that for Europe to participate in the global internet, it would need to allow some form of data transfer outside of the continent.

International companies like Facebook prefer to have consolidated data centers rather than a data center in every country they do business with. Europe has so far struggled to find a way that U.S. companies can store personal data stateside soil without running afoul of the E.U.’s stringent privacy laws that frown on U.S.-style bulk surveillance.

“U.S. law does not provide a mechanism for Europeans to challenge their surveillance,” said Butler.

Butler said he looked forward to being a counterbalance for the U.S. government’s testimony in the case. He said he thought Americans on either side of the debate should be excited to see fresh eyes on the contentious debate over its intelligence data harvesting programs.

“The Schrems case provides an excellent opportunity to get external review of how mass surveillance protects us all,” he said.